Author:BitPush
Author: Dingdang
Original title: Behind the perilous situation involving 2000 BTC:CEXledgerThe fundamental problem
On the evening of February 6, a South Korean cryptocurrency exchange...BithumbAn ordinary marketing campaign has turned into an incident worthy of being written into the annals of the crypto industry.
This was originally intended to be a small-scale "random treasure chest" event. According to the official design, the platform planned to distribute a total of approximately 620,000 Korean won in cash rewards to 695 participating users. Of these, 249 people actually opened the treasure chests and claimed their rewards, meaning each person received approximately 2,000 Korean won, equivalent to only about 1.4 US dollars. However, due to a backend unit configuration error, the reward unit was mistakenly set from KRW (Korean Won) to BTC (BTC).BitcoinInstantly, 2,000 BTC were "airdropped" to each user who actually opened the treasure chest, totaling 620,000 Bitcoins, and the displayed assets of a single account exceeded $160 million.
Based on the then-current price of approximately 98 million Korean won per coin (about $67,000), this batch of Bitcoins that "appeared out of thin air" had a book value of approximately $41.5-44 billion. Although these assets did not exist on the blockchain, they were "tradable" within the exchange's internal system. The result was almost instantaneous: within minutes, the BTC/KRW trading pair on the Bithumb platform rapidly plummeted from the global average price to 81.11 million Korean won (about $55,000), a drop of nearly 17%; the global BTC market also briefly fell by about 3%, and the derivatives market saw over $400 million in liquidations.
Is Bithumb's "lightning-fast recovery" really something to be thankful for?
In its subsequent incident disclosure announcement, Bithumb stated that within 35 minutes of the erroneous payment, it had restricted the transactions and withdrawals of 695 customers. Over 99% of the erroneous payment amount had been recovered, and the remaining 0.3% (1788 BTC) that had been sold had been replenished with the company's own assets to ensure that user assets were not affected. Simultaneously, the platform launched a series of compensation measures. Starting February 8th, user compensation measures were implemented in batches, including issuing 20,000 Korean Won in compensation to online users during the incident, refunding the price difference to users who sold at a lower price and paying an additional 10% consolation money, and offering a 0% transaction fee discount on all trading instruments for 7 days starting February 9th.
The whole matter seems to have come to a "controllable" end.
But another question still lingers in our minds: How could Bithumb generate 620,000 non-existent BTC in the background all at once?
To answer this question, we must return to the most fundamental aspect of centralized exchanges, which is also the least understood by ordinary users: the accounting method.
Unlike decentralized exchanges, where every transaction occurs directly on the blockchain and the balance is determined in real time by the on-chain state, centralized exchanges, in pursuit of ultimate transaction speed, low latency, and extremely low cost, almost all adopt a hybrid model of "internal ledger + delayed settlement".
The balance, transaction records, and profit/loss curves that users see are essentially just numerical changes in the exchange's database. When you deposit, trade, or withdraw, only the parts that actually involve the flow of on-chain assets (such as withdrawing to an external wallet, cross-exchange transfers, or large-scale internal clearing) will trigger real blockchain transfer operations. In most everyday scenarios, the exchange only needs to modify one line of database field to complete "one asset change"—this is the fundamental reason why Bithumb can "create" 620,000 BTC in a single instant to display a balance.
This model offers tremendous convenience: millisecond-level matching, zero gas fees, and support for complex financial products such as leverage, contracts, and lending. However, the other side of this convenience is a fatal trust asymmetry: users believe "my balance is my asset," when in reality, they only possess a promise (IOU) from the platform. As long as the backend permissions are large enough and the verification mechanism is loose enough, simple parameter errors or malicious operations can cause a severe disconnect between the numbers in the database and the actual on-chain holdings.
According to data disclosed by Bithumb in the third quarter of 2025, the platform actually held approximately 42,600 Bitcoins, of which only 175 were the company's own assets, with the remainder held in escrow by users. However, in this incident, the system was able to record more than ten times the actual amount of BTC held into user accounts at once.
More importantly, these "ghost balances" don't just exist in the backend display; they can participate in real matching within the platform, influencing prices and creating a false impression of liquidity. This is no longer a single technical bug, but a systemic risk inherent in the long-standing centralized exchange architecture of a severe disconnect between the internal ledger and real on-chain assets.
The Bithumb incident was simply the moment when this risk was magnified to the point that everyone could see it.
Mt. Gox: How Ledger Illusion Destroyed an Era
History has repeatedly proven this point with painful lessons. For example, the Mt. Gox crash in 2014. Although more than a decade has passed, we still remember the market panic caused by each large-scale transfer of funds to exchanges for compensation.
Mt. Gox, then the world's largest Bitcoin exchange, accounting for over 70% of Bitcoin trading volume, suddenly suspended withdrawals and declared bankruptcy in February 2014, claiming the "loss" of approximately 850,000 BTC (worth about $460 million at the time, later revised to around 744,000 in some reports). On the surface, this appeared to be a case of hackers exploiting a vulnerability in the Bitcoin protocol called "transaction plasticity," altering transaction IDs to mislead the exchange into believing withdrawals hadn't occurred, thus sending funds repeatedly. However, in-depth investigations (including a 2015 report by security teams like WizSec) revealed a more brutal truth: the vast majority of the lost Bitcoins had already been gradually stolen between 2011 and 2013, but Mt. Gox remained unaware for years because its internal accounting system never truly conducted regular and comprehensive reconciliations with the on-chain state.
Mt.Gox's internal ledger allowed for "magic transactions": employees or intruders could freely add or delete user balances without corresponding on-chain transfers. Hot wallets were repeatedly compromised, and funds were slowly transferred to unknown addresses, yet the platform continued to display "normal balances." Even after a major theft in 2011, management reportedly chose to conceal the incident rather than go bankrupt, allowing subsequent operations to continue based on a "fraction reserve." This ledger illusion persisted for years until 2014 when the hole became too large to conceal, at which point it was publicly revealed under the pretext of a "transaction plasticity bug." Ultimately, Mt.Gox's bankruptcy not only destroyed user trust but also triggered a more than 20% plunge in Bitcoin prices, becoming one of the most famous "trust collapses" in crypto history.
FTX: When Ledgers Transform from "Recording Tools" to "Cover-up Tools"
Recently, the popularity of Openclaw has sparked a new topic: the intersection of encryption and AI, which reached its peak during the FTX era. Before its collapse, FTX heavily invested in AI, most notably leading a multi-million dollar funding round for AI startup Anthropic. Had FTX not fallen, its Anthropic stake could now be worth tens of billions of dollars, but bankruptcy liquidation turned this "AI lottery ticket" into nothing. The reason for its downfall was FTX's long-standing and deliberate mismatch between its internal ledgers and real assets. Through commingling and covert operations, it turned customer deposits into a "backyard" that could be freely misappropriated.
FTX is closely tied to its quantitative trading sister company, Alameda Research, both of which are controlled by Sam Bankman-Fried (SBF). Alameda's balance sheet is filled with FTX's own native token, FTT. This asset has almost no external market anchor, and its value depends primarily on internal liquidity and artificially maintained prices. More importantly, the FTX platform granted Alameda a near-unlimited line of credit (disclosed at one point reaching $65 billion), and the true "collateral" for this line of credit was the deposits of FTX users.
These client funds were secretly transferred to Alameda for high-leverage trading, venture capital, and even SBF's personal luxury spending, real estate purchases, and political donations. Internal ledgers played a "cover" role here.
Court documents reveal that FTX's database could easily record customer deposits as "normal balances" while simultaneously using custom code in the background to keep Alameda's account in negative balances without triggering any automatic liquidation or risk s. The balances users saw on the app appeared safe and secure, but in reality, the on-chain assets had already been moved to cover Alameda's losses or to prop up the price of FTT.
The issue of FTX creditor compensation remains unresolved, and the bankruptcy liquidation process continues.
Bithumb's 35 minutes is just a narrow window.
Returning to Bithumb, the fact that this incident was resolved within 35 minutes does not mask the severity of the risk. On the contrary, it precisely illustrates the limits of emergency response: only when the number of affected users is limited (only 695), the erroneous assets have not yet been widely uploaded to the blockchain, and the platform possesses extremely strong account control capabilities (one-click batch freezing of trading/withdrawal/login permissions), can the disaster be contained to the extent that it can be patched up out of pocket. If this blunder had occurred at the platform-wide user level, or if some users had already withdrawn the "ghost coins" to other exchanges or even onto the blockchain, Bithumb could very likely have triggered a much larger systemic shock.
Even regulators have taken notice. On February 9th, the Financial Supervisory Service (FSC) of Korea stated that the recent Bitcoin mis-distribution incident on Bithumb highlighted the systemic vulnerabilities in the cryptocurrency sector, necessitating further strengthening of regulatory rules. FSS Director Lee Chan-jin pointed out at a press conference that the incident reflects structural problems in the electronic system for virtual assets, and regulators are conducting a focused review of this issue and will incorporate related risks into subsequent legislation to promote the inclusion of digital assets within a more comprehensive regulatory framework. On-site inspections have been urgently launched, and it has been clearly stated that this will be expanded to other domestic exchanges such as Upbit and Coinone, which likely indicates that regulators have understood this signal.
Conclusion
Bithumb's $40 billion ghost airdrop, seemingly absurd, is actually profound. It laid bare a long-standing problem in the most direct way. The convenience of centralized exchanges is essentially built on a highly asymmetrical trust relationship: users believe that the "balance" in their account is equivalent to real assets, when in reality it is merely a one-sided promise from the platform. Once internal controls fail or are maliciously exploited, "your balance" can vanish instantly.
Therefore, even though the Bithumb incident ended "under control," it should not be interpreted as a successful crisis management, but rather as a wake-up call that must be heard. The speed, low cost, and high liquidity pursued by exchanges are always obtained at the cost of users relinquishing direct control over their assets. As long as this premise is not addressed, such risks can never truly disappear.
